kubenetes master使用curl 操作API
前提条件: 已经使用kubeadm 安装集群
查看 kebelet.conf 配置内容
kubectl --kubeconfig /etc/kubernetes/kubelet.conf config view apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://{master node local ip}:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: admin
name: admin@kubernetes
- context:
cluster: kubernetes
user: kubelet
name: kubelet@kubernetes
current-context: admin@kubernetes
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
- name: kubelet
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
我们对应到kubelet.conf中,发现每个REDACTED字样对应的都是一段数据,这段数据是由对应的数字证书内容或密钥内容转换(base64)而来的,在访问apiserver时会用到
node节点操作: # kubectl get pods
The connection to the server localhost: was refused - did you specify the right host or port? # kubectl --kubeconfig /etc/kubernetes/kubelet.conf get pods
NAME READY STATUS RESTARTS AGE
my-nginx--359d6 / Running 26d
my-nginx--3g0n7 / Running 26d
my-nginx--xkzsh / Running 26d
my-ubuntu--5q7q5 / Running 26d
my-ubuntu--lrrh0 / Running 26d
kubeadm创建k8s集群时,会在master node上创建一些用于组件间访问的证书、密钥和token文件,上面的kubeconfig中的“REDACTED”所代表的内容就是从这些文件转化而来的:
/etc/kubernetes/pki# ls
apiserver-key.pem apiserver.pem apiserver-pub.pem ca-key.pem ca.pem ca-pub.pem sa-key.pem sa-pub.pem tokens.csv
- apiserver-key.pem:kube-apiserver的私钥文件
- apiserver.pem:kube-apiserver的公钥证书
- apiserver-pub.pem kube-apiserver的公钥文件
- ca-key.pem:CA的私钥文件
- ca.pem:CA的公钥证书
- ca-pub.pem :CA的公钥文件
- sa-key.pem :serviceaccount私钥文件
- sa-pub.pem :serviceaccount的公钥文件
- tokens.csv:kube-apiserver用于校验的token文件
我们在 node节点上通过curl 测试一下通过安全通道访问master node上的kube-apiserver,kubenetes 的authentication(包括:客户端证书认证、basic auth、static token等)只要通过其中一个即可。当前kube-apiserver开启了客户端证书认证(–client-ca-file)和static token验证(–token-auth-file),我们只要通过其中一个,就可以通过authentication,于是我们使用static token方式。static token file的内容格式:
token,user,uid,"group1,group2,group3" 对应的内容
# cat /etc/kubernetes/pki/tokens.csv{token},{user},812ffe41-cce0-11e6-9bd3-00163e1001d7,system:kubelet-bootstrap用这个token通过curl与apiserver交互:
# curl --cacert /etc/kubernetes/pki/ca.pem -H "Authorization: Bearer {token}" https://{master node local ip}:6443
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/apps",
"/apis/apps/v1beta1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v2alpha1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1alpha1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/extensions/third-party-resources",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/logs",
"/metrics",
"/swaggerapi/",
"/ui/",
"/version"
]
}
类型为ReplicationController: 通过curl 调用 kube-apiserver操作命令如:
registry="docker.cinyi.com:443"
#取出项目目录
javadir=`echo $WORKSPACE | awk -F'/' '{print $5}'`
#取出war包名称
javaname=`ls $WORKSPACE/target/*war | awk -F'/' '{print $7}' | cut -d . -f 1`
#tag 时间
image_data=`date +%F_%H_%S`
mkdir -p /data/docker_project/$javadir
rm /data/docker_profile/$javadir/$javaname.war -rf
mv $WORKSPACE/target/$javaname.war /data/docker_project/$javadir
#在/data/docker_project 目录下有一个dockerfile模版,根据war包的名字替换成新的dockerfile
sed "s/jenkins/$javaname/g" /data/docker_project/Dockerfile >/data/docker_project/$javadir/Dockerfile
if docker images | grep $javaname ; then
docker rmi -f `docker images | grep $javaname | awk '{print $3}'`
fi
#打包,上传到registry
docker build -t docker.cinyi.com:443/senyint/$javaname:$image_data /data/docker_project/$javadir/
docker push docker.cinyi.com:443/senyint/$javaname:$image_data
#生成rc 和 server yaml文件
sed "s/im-web/$javaname/g" /data/docker_project/im-web_rc.yaml >/data/docker_project/$javadir/${javaname}_rc.yaml
#定义image版本号
sed -i "s/lastest/$image_data/g" /data/docker_project/$javadir/${javaname}_rc.yaml
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml >/data/docker_project/$javadir/${javaname}_service.yaml
#定义namespace 为test:
k8s_apicurl="curl --cacert /root/ca.pem"
k8s_url="https://192.168.20.227:6443"
#创建namespaces
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces | grep test >/dev/null` ;then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces -d "$(cat /data/docker_project/namespaces.yaml)"
fi
#创建service
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/services | grep "im-web" >/dev/null` ; then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/services -d "$(cat /data/docker_project/$javadir/${javaname}_service.yaml)"
fi
#创建ReplicationController
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/replicationcontrollers | grep "im-web" >/dev/null` ; then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/replicationcontrollers/ -d "$(cat /data/docker_project/$javadir/${javaname}_rc.yaml)"
else
#滚动升级
ssh root@192.168.20.227 "kubectl rolling-update $javaname --image=docker.cinyi.com:443/senyint/$javaname:$image_data --namespace=test"
fi
类型为deployment: 通过curl 调用 kube-apiserver操作命令如: 对war包发版
registry="docker.cinyi.com:443"
#取出项目目录
javadir=`echo $WORKSPACE | awk -F'/' '{print $5}'`
#取出war包名称
javaname=`ls $WORKSPACE/target/*war | awk -F'/' '{print $7}' | cut -d . -f 1`
#tag 时间
image_data=`date +%F_%H_%M`
mkdir -p /data/docker_project/$javadir
rm /data/docker_profile/$javadir/$javaname.war -rf
mv $WORKSPACE/target/$javaname.war /data/docker_project/$javadir
#在/data/docker_project 目录下有一个dockerfile模版,根据war包的名字替换成新的dockerfile
sed "s/jenkins/$javaname/g" /data/docker_project/Dockerfile >/data/docker_project/$javadir/Dockerfile
if docker images | grep $javaname ; then
docker rmi -f `docker images | grep $javaname | awk '{print $3}'`
fi
#打包,上传到registry
docker build -t docker.cinyi.com:443/senyint/$javaname:$image_data /data/docker_project/$javadir/
docker push docker.cinyi.com:443/senyint/$javaname:$image_data
#生成rc 和 server yaml文件
sed "s/im-web/$javaname/g" /data/docker_project/im-web_deployment.yaml >/data/docker_project/$javadir/${javaname}_deployment.yaml
#替换image版本号
echo 11111
sed -i "s/latest/$image_data/g" /data/docker_project/$javadir/${javaname}_deployment.yaml
echo 2222
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml >/data/docker_project/$javadir/${javaname}_service.yaml
#定义namespace 为test:
k8s_apicurl="curl --cacert /root/ca.pem"
k8s_url="https://192.168.20.227:6443"
#创建namespaces
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces | grep test >/dev/null` ;then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces -d "$(cat /data/docker_project/namespaces.yaml)"
fi
#创建service
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/services | grep "${javaname}" >/dev/null` ; then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/services -d "$(cat /data/docker_project/$javadir/${javaname}_service.yaml)"
fi
#创建Deployment
if `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ | grep "${javaname}" >/dev/null` ; then
#滚动升级
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X PUT $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/${javaname} -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
else
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
fi
类型为deployment: 通过curl 调用 kube-apiserver操作命令如: 对tar.gz包发版
registry="docker.cinyi.com:443"
#取出项目目录
javadir=`echo $WORKSPACE | awk -F'/' '{print $5}'`
#取出war包名称
javaname=`ls $WORKSPACE/pay-web/target/*tar.gz | awk -F'/' '{print $8}' | cut -d . -f 1`
#tag 时间
image_data=`date +%F_%H_%M` mkdir -p /data/docker_project/$javadir
rm /data/docker_profile/$javadir/$javaname.war -rf
mv $WORKSPACE/pay-web/target/$javaname.tar.gz /data/docker_project/$javadir
#在/data/docker_project 目录下有一个dockerfile模版,根据war包的名字替换成新的dockerfile
sed "s/jenkins.war/$javaname.tar.gz/g" /data/docker_project/Dockerfile.bak >/data/docker_project/$javadir/Dockerfile
if docker images | grep $javaname ; then
docker rmi -f `docker images | grep $javaname | awk '{print $3}'`
fi
#打包,上传到registry
cp /data/docker_project/supervisor_payapi.conf /data/docker_project/$javadir/
cp /data/docker_project/jdk.tar.gz /data/docker_project/$javadir/
cp /data/docker_project/supervisord.conf /data/docker_project/$javadir/
docker build -t docker.cinyi.com:443/senyint/$javaname:$image_data /data/docker_project/$javadir/
docker push docker.cinyi.com:443/senyint/$javaname:$image_data #生成rc 和 server yaml文件
sed "s/im-web/$javaname/g" /data/docker_project/im-web_deployment.yaml >/data/docker_project/$javadir/${javaname}_deployment.yaml
#替换image版本号
echo 11111
sed -i "s/latest/$image_data/g" /data/docker_project/$javadir/${javaname}_deployment.yaml
echo 2222
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml >/data/docker_project/$javadir/${javaname}_service.yaml #定义namespace 为test:
k8s_apicurl="curl --cacert /root/ca.pem"
k8s_url="https://192.168.20.227:6443"
#创建namespaces
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces | grep test >/dev/null` ;then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces -d "$(cat /data/docker_project/namespaces.yaml)"
fi #创建service
if ! `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/api/v1/namespaces/test/services | grep "${javaname}" >/dev/null` ; then
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/api/v1/namespaces/test/services -d "$(cat /data/docker_project/$javadir/${javaname}_service.yaml)"
fi
#创建Deployment
if `$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ | grep "${javaname}" >/dev/null` ; then
#滚动升级
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X PUT $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/${javaname} -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
else
$k8s_apicurl -H "Authorization: Bearer 199e9c8d4ce99c61" -H "content-Type: application/yaml" -X POST $k8s_url/apis/extensions/v1beta1/namespaces/test/deployments/ -d "$(cat /data/docker_project/$javadir/${javaname}_deployment.yaml)"
fi
Dockerfile
FROM senyint/centos7.:latest MAINTAINER fengjian <fengjian@senyint.com.com> RUN mkdir -p /data/webserver/pay-web-package ADD jdk.tar.gz /data ADD jenkins.war /data/webserver/pay-web-package ADD supervisord.conf /etc/supervisord.conf ADD supervisor_payapi.conf /etc/supervisor.conf.d/supervisor_payapi.conf RUN mkdir -p /etc/supervisor.conf.d && \
mkdir -p /var/log/supervisor ENTRYPOINT ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
使用 rolling-update进行升级必须使用 ReplicationController 类型,deployment不支持。
jenkins 对应的目录文件。
[root@docker1 ~]# kubectl rolling-update fengjian --image=docker.cinyi.com:443/senyint/im-web:v1 --namespace=fengjian20170221
deployment 使用命令升级方法
[root@docker1 ~]# kubectl set image deployment/pay-startup-package pay-startup-package=docker.cinyi.com/senyint/pay-startup-package:2017-03-27_15_56 --namespace=test
[root@docker5 docker_project]# cat configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: testenv
namespace: test
data:
mysql_server: 192.168.20.131
redis_server: 192.168.20.116
mongo_server: 192.168.20.116
[root@docker5 docker_project]# cat Dockerfile
FROM senyint/java1.:latest MAINTAINER fengjian <fengjian@senyint.com.com> ENV docker.cinyi.com 192.168.20.135 ADD jenkins.war /data/webserver/ RUN unzip /data/webserver/jenkins.war -d /data/webserver && \
rm /data/webserver/jenkins.war
[root@docker5 docker_project]# cat im-web_deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: im-web
namespace: test
spec:
replicas:
template:
metadata:
labels:
name: im-web
spec:
volumes:
- name: workdir
hostPath:
path: "/data/log/im-web"
containers:
- name: im-web
image: docker.cinyi.com:/senyint/im-web:latest
ports:
- containerPort:
volumeMounts:
- name: workdir
mountPath: /data/tomcat/logs
env:
- name: mysql_server
valueFrom:
configMapKeyRef:
name: testenv
key: mysql_server
- name: redis_server
valueFrom:
configMapKeyRef:
name: testenv
key: redis_server
- name: mongo_server
valueFrom:
configMapKeyRef:
name: testenv
key: mongo_server
[root@docker5 docker_project]# cat im-web_service.yaml
apiVersion: v1
kind: Service
metadata:
name: im-web
labels:
name: im-web
spec:
ports:
- port:
containerPort:
selector:
name: im-web
[root@docker5 docker_project]# cat namespaces.yaml
apiVersion: v1
kind: Namespace
metadata:
name: test
label:
name: test
查看ingress 内容
[root@docker1 ~]# curl --cacert /root/ca.pem -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET https://192.168.20.227:6443/apis/extensions/v1beta1/ingresses
查看 namespaces下的 ingress
GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses
删除namespaces 下的ingress
DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses
创建
POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses
读取
GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}
curl --cacert /root/ca.pem -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET https://192.168.20.227:6443/apis/extensions/v1beta1/namespaces/test/ingresses/dashboard-ingress
替换
PUT /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}删除
DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}
PATCH /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}
docker registry 查看镜像:
[root@bcbf4a94a152 ~]# curl https://docker.cinyi.com/v2/_catalog
docker registry 查看版本号:
[root@bcbf4a94a152 ~]# curl https://docker.cinyi.com/v2/senyint/im-web/tags/list
kubenetes master使用curl 操作API的更多相关文章
- ElasticSearch之CURL操作(有空再去整理)
https://www.cnblogs.com/jing1617/p/8060421.html ElasticSearch之CURL操作 CURL的操作 curl是利用URL语法在命令行方式下工 ...
- 使用curl操作openstack swift
openstack官网有专门的开发者文档介绍如何使用curl操作swift(http://docs.openstack.org/api/openstack-object-storage/1.0/con ...
- 使用curl操作InfluxDB
这里列举几个简单的示例代码,更多信息请参考InfluxDB官方文档: https://docs.influxdata.com/influxdb/v1.1/ 环境: CentOS6.5_x64Influ ...
- Curl操作Elasticsearch的常用方法
Elasticsearch对于文档操作,提供了以下几种API,本文就说明如何使用curl方式来调用这些API. API种类 单文档操作API 1.* Index API 索引文档 * 为文档创建索引 ...
- paip.复制文件 文件操作 api的设计uapi java python php 最佳实践
paip.复制文件 文件操作 api的设计uapi java python php 最佳实践 =====uapi copy() =====java的无,要自己写... ====php copy ...
- 线程操作API
线程操作API 1.currentThread 2.getId() .getName().getPriority().getStart.isAlive().isDaemon().isInterrupt ...
- Delphi内存操作API函数(备查,并一一学习)
Delphi内存操作API函数System.IsMemoryManagerSet;System.Move;System.New;System.ReallocMem;System.ReallocMemo ...
- HTML5文件操作API
HTML5文件操作API 一.文件操作API 在之前我们操作本地文件都是使用flash.silverlight或者第三方的activeX插件等技术,由于使用了这些技术后就很难进行跨平台.或 ...
- Js 常用字符串操作 API
常用的一些字符串操作 API 整理 1.str.charAt(index).str.charCodeAt(index) - 返回指定位置的字符 / 字符编码(0~65535) index - 必须,表 ...
随机推荐
- AutoFac使用方法总结四:生命周期续
控制反转(IoC/Inverse Of Control): 调用者不再创建被调用者的实例,由autofac框架实现(容器创建)所以称为控制反转. 依赖注入(DI/Depende ...
- EF 多种查询方式
比较常用的查询方式linq to entity,这里先看一种写法: var query = (from d in testContext.Set<DepartPerson>() //查询和 ...
- java,JsonFormat格式化日期问题
今天使用以下代码格式日期字段 @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss") private Date createTime; 发现这样渲 ...
- mac,macbook 连接蓝牙耳机播放音乐断断续续
个人的情况是, mac本连的网线,用的无线鼠标, 屋里80多号人都在用笔记本,应该也有好多开着无线的东西 解决方法: mac 或macbook 连接蓝牙耳机播放音乐断断续续的原因, 在网上找了好多方法 ...
- python学习之老男孩python全栈第九期_数据库day003 -- 作业
数据库: class: course: student: teacher: score: /* Navicat Premium Data Transfer Source Server : local ...
- iOS中表视图单元格事件用nib和storyboard的两种写法总结
从ios6开始,苹果公司推出了storyborad技术取代了nib的写法,这样代码量确实少写了很多,也比较简洁.但是,从学习的角度来说,阿堂认为 用nib的写法,虽然多了些代码,但是对于掌握知识和原理 ...
- flutter Row里面元素居中显示
直接上代码: new Expanded( flex: , child: new Row( children: <Widget>[ Expanded( child: new Containe ...
- redis 适用场景、缓存选择、java实现
redis适用场景 查询多,修改少:如国家地区信息.商品分类.数据字典 缓存选择 hibernate二级缓存.mybatis二级缓存.redishibernate二级缓存.mybatis二级缓存默认不 ...
- 7 Recursive AutoEncoder结构递归自编码器(tensorflow)不能调用GPU进行计算的问题(非机器配置,而是网络结构的问题)
一.源代码下载 代码最初来源于Github:https://github.com/vijayvee/Recursive-neural-networks-TensorFlow,代码介绍如下:“This ...
- SQL Server ->> 查询添加XLOCK表提示不阻塞其他线程
BEGIN TRAN BEGIN END DROP TABLE IF EXISTS tempdb..#t CREATE TABLE #t ( spid int, dbid int, ObjId int ...